Okta Classic Engine | Single Sign-On | Answered | 2024-05-21T09:01:44.000Z | 2023-09-21T16:55:05.000Z | 2023-11-23T00:36:47.000Z

0mq9n (0mq9n) asked a question.

Getting error "Unknown issuer" with signed requests SAML 2

Hi,

 

My company is making a web app where users can connect via SSO (SAML) with Okta.

But I need to be able to give the sign on url dynamically within the request.

 

So, in the application in Okta, I enabled the SAML Signed Request option and gave a signing certificate.

 

In my backend (using passport-saml/nestjs), I'm using the private key (linked to the certificate I gave in Okta) to encrypt the request and the wanted URL.

 

But on the first login (asking for password and all...), after the login is validated I'm being redirected to the Okta app dashboard and to the URL I gave.

 

And if I try to log in again, I am getting a

400

bad request

Your request resulted in an error. Unknown Issuer

Image is not available


  • Mihai N. (Okta, Inc.)

    Hi @0mq9n (0mq9n), thank you for reaching out to the Okta Community!

     

     This question is more appropriate for our dedicated Okta Developer Forum.

    My advice would be to reach out to devforum.okta.com to take advantage of their expertise.

    While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work). 

     

    That being said, I've seen one case (and I don't have all the details) where the issue was actually caused by a misconfigured issuer and it was solved by changing the issuer from http://www.okta.com/${org.externalKey} to a different value.

    I don't know if this applies to your use case, that's why I recommend checking with my colleagues on the Dev side.  

     

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

  • I only experience the issue when "SAML Signed Request" is enabled for the application. If this is disabled everything works as expected. If it is enabled, login is successful and everything appears to work but finally end up on the "Bad Request" page with the error "Unknown Request" as per above screenshot/image.

     

    I cannot find any information in the System Log either.

This question is closed.
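
A way to see what the service provider actually sends, so the Issuer and the dynamic sign-on URL can be compared with the values configured on the Okta application. This is an added example, not code from the thread or from passport-saml; it assumes the request uses the HTTP-Redirect binding, and the function names, the `example.test` hosts and the sample request are constructed for illustration.

```javascript
// Added diagnostic example; standard library only. Hosts and IDs below are constructed.
const zlib = require("node:zlib");

// HTTP-Redirect binding: SAMLRequest is URL-encoded base64 of raw-DEFLATE XML.
// On a signed request the signature travels in the SigAlg and Signature parameters.
function decodeRedirectRequest(loginUrl) {
  const params = new URL(loginUrl).searchParams;
  const raw = params.get("SAMLRequest");
  if (!raw) throw new Error("no SAMLRequest parameter in URL");
  const xml = zlib.inflateRawSync(Buffer.from(raw, "base64")).toString("utf8");
  return { xml, sigAlg: params.get("SigAlg"), signature: params.get("Signature") };
}

// Extract the fields worth comparing with the IdP-side app settings.
// Regexes suffice for reading our own request; this is not a validating XML parser.
function summarizeAuthnRequest(loginUrl) {
  const { xml, sigAlg, signature } = decodeRedirectRequest(loginUrl);
  const attr = (name) => {
    const m = xml.match(new RegExp(`<(?:\\w+:)?AuthnRequest\\b[^>]*\\s${name}="([^"]*)"`));
    return m ? m[1] : null;
  };
  const iss = xml.match(/<(?:\w+:)?Issuer\b[^>]*>([^<]*)<\/(?:\w+:)?Issuer>/);
  return {
    issuer: iss ? iss[1].trim() : null,
    destination: attr("Destination"),
    acsUrl: attr("AssertionConsumerServiceURL"),
    signed: Boolean(sigAlg && signature), // presence only, not verified here
  };
}

// expected.issuer: the SP issuer value configured on the IdP application (assumption).
function checkAgainstConfig(summary, expected) {
  const problems = [];
  if (summary.issuer === null) problems.push("request has no Issuer element");
  else if (summary.issuer !== expected.issuer)
    problems.push(`Issuer "${summary.issuer}" differs from configured "${expected.issuer}"`);
  if (!summary.signed) problems.push("SigAlg/Signature query parameters missing");
  return problems;
}

// Constructed sample request so the block runs offline (signature value is a dummy).
function buildSampleUrl(issuer, acsUrl, signed) {
  const xml = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" ` +
    `Version="2.0" Destination="https://idp.example.test/sso" AssertionConsumerServiceURL="${acsUrl}">` +
    `<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">${issuer}</saml:Issuer></samlp:AuthnRequest>`;
  const req = encodeURIComponent(zlib.deflateRawSync(Buffer.from(xml)).toString("base64"));
  const sig = signed ? "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Y29uc3RydWN0ZWQ%3D" : "";
  return `https://idp.example.test/sso?SAMLRequest=${req}${sig}`;
}
```

Pass the redirect URL captured from the browser's network tab to `summarizeAuthnRequest` and compare the result for the first login and for the failing second login.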